Add check for pake operation buffer overflow
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index ac6b8de..c00796a 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -458,6 +458,10 @@
* `PSA_JPAKE_X4S_STEP_ZK_PUBLIC` Round 2: input Schnorr NIZKP public key for the X4S key
* `PSA_JPAKE_X4S_STEP_ZK_PROOF` Round 2: input Schnorr NIZKP proof for the X4S key
+The core has checked that input_length is smaller than PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
+where primitive is the JPAKE algorithm primitive and step the PSA API level input step.
+Thus no risk of integer overflow while checking operation buffer overflow.
+
### PAKE driver get implicit key
```
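Review bot: the added paragraph reasons about an "operation buffer", which is an implementation detail of the core's PAKE state rather than part of the driver contract this document specifies; state it as the guarantee the driver can rely on (the core rejects any `input_length` exceeding `PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)` before calling the driver input entry point) and spell out the exact inequality, since "smaller than" versus "at most" decides whether a `+ 1` length byte still fits. Wrap `input_length` and `PSA_PAKE_INPUT_SIZE(...)` in backticks like the `PSA_JPAKE_*` identifiers above, and consider a blank line before the paragraph so it does not render as a continuation of the last bullet.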
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index c6f9e89..538df87 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -430,11 +430,26 @@
3, /* named_curve */
0, 23 /* secp256r1 */
};
+
+ if (operation->buffer_length + sizeof(ecparameters) > sizeof(operation->buffer)) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+
memcpy(operation->buffer + operation->buffer_length,
ecparameters, sizeof(ecparameters));
operation->buffer_length += sizeof(ecparameters);
}
+ /*
+ * The core has checked that input_length is smaller than
+ * PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
+ * where primitive is the JPAKE algorithm primitive and step
+ * the PSA API level input step. Thus no risk of integer overflow here.
+ */
+ if (operation->buffer_length + input_length + 1 > sizeof(operation->buffer)) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+
/* Write the length byte */
operation->buffer[operation->buffer_length] = (uint8_t) input_length;
operation->buffer_length += 1;
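Review bot: the second bounds check runs after the `ecparameters` block has already been appended and `operation->buffer_length` advanced, so a `PSA_ERROR_BUFFER_TOO_SMALL` return from it leaves the operation with a partially written buffer; either perform one combined check of `sizeof(ecparameters) + input_length + 1` before the first `memcpy`, or document that the caller must abort the operation on this error. The comment's no-overflow argument also rests on `input_length` being bounded by the core; add the concrete bound (or a `PSA_PAKE_INPUT_SIZE` static assertion against `sizeof(operation->buffer)`) so a reader does not have to trust the prose. Finally, `PSA_ERROR_BUFFER_TOO_SMALL` normally describes a caller-supplied output buffer; for an internal buffer that should never overflow given the core's check, consider whether `PSA_ERROR_CORRUPTION_DETECTED` or a similar internal-consistency error better describes the failure.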
diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h
index 9bdcc33..eb30881 100644
--- a/library/psa_crypto_pake.h
+++ b/library/psa_crypto_pake.h
@@ -96,6 +96,12 @@
* entry point as defined in the PSA driver interface specification for
* transparent drivers.
*
+ * \note The core has checked that input_length is smaller than
+ PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
+ where primitive is the JPAKE algorithm primitive and step
+ the PSA API level input step. Thus no risk of integer overflow while
+ checking operation buffer overflow.
+ *
* \param[in,out] operation Active PAKE operation.
* \param step The driver step for which the input is provided.
* \param[in] input Buffer containing the input in the format
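Review bot: the continuation lines of the `\note` (the `PSA_PAKE_INPUT_SIZE(...)` line through "checking operation buffer overflow.") lack the leading ` * ` used by every other line of this Doxygen block, so they render inconsistently and will trip a comment-style check; prefix them with ` * ` like the `\param` lines below. Since the note describes a requirement on the caller rather than behaviour of this function, `\pre` would express it more precisely than `\note`, and `\p input_length` should be used so the parameter name is linked to its `\param` entry.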